European Commission immediately hits Big Tech with investigations for DMA non-compliance

On 25 March 2024, the European Commission (“Commission”) launched five non-compliance probes against Apple, Alphabet (Google) and Meta pursuant to Article 20 of its flagship Digital Markets Act (“DMA”). These are the first non-compliance probes to be launched against gatekeeper technology companies in Europe.

Our perspective

Despite having had over one year to prepare and following several rounds of Commission-led compliance workshops, this first batch of non-compliance probes reveal that Apple, Alphabet and Meta have failed to convince the Commission that certain aspects of their core platform services comply with the DMA (see details below). The Commission waited just 2 weeks following deadline day (7 March 2024) to launch these non-compliance probes, sending a very clear message to Big Tech that it won’t stand for prevarication and will use all the tools in its new DMA toolbox to enforce swift compliance.

The Commission’s announcement that it is launching these five probes is welcome and, although very little detail is known at this stage, unsurprising. At least in respect of Google’s self-preferencing in relation to its own services and Apple’s anti-steering rules, these companies have been on notice since at least 2010 and 2019, respectively, that their conduct is prima facie unfair and / or restricting contestability on certain European digital markets. Interestingly, during the compliance workshops held in late March 2024, Apple and Google’s representatives emphasised that “change does not happen overnight” and that compliance would be an “iterative” process. These sentiments are telling. Even if taken in isolation (which they shouldn’t be), statements that compliance with the DMA is an ongoing process after the deadline for compliance seem to make enforcement steps inevitable. Indeed, the approach taken by these two gatekeepers in respect of anti-steering and self-preferencing looks on its face like fairly brazen non-compliance. As for the gatekeepers’ assertions that complying with the DMA impinges the security of some services, Commissioner Vestager has now publicly dismissed such assertions as “complete nonsense”. The onus is clearly on the gatekeepers to make their services safe for consumers and to comply with the DMA at the same time; there is no trade off.

The digital markets in which these gatekeepers operate are not static; the parameters of fairness and contestability are constantly changing, and the Commission’s antitrust decisional practice has shown that subtle changes in gatekeeper behaviour can have a significant impact on those parameters in Europe’s digital markets. There can be no doubt that, given the dynamic nature of the markets, it will be challenging for the Commission to work through the issues with the gatekeepers and affected stakeholders across the full spectrum of core platform services.  Within the tight timeframe of 12 months, which the Commission will endeavour to adhere to when investigating DMA non-compliance, the task is particularly tough.  It is therefore reassuring to note the Commission’s explicit reference in its press release announcing this first batch of probes to the “anti-circumvention” obligation contained in Article 13 of the DMA. The Commission appears to be indicating from the get-go that, notwithstanding the complexity of the task ahead, any resistance on the part of the gatekeepers that serves to undermine full and effective compliance with Articles 5, 6 and 7 of the DMA, whether it be of contractual, commercial technical or behavioural nature, will not be tolerated.

Given the direct applicability of the DMA, if the Commission were to conclude on or before 7 March 2025 that Apple, Alphabet and Meta have breached their DMA obligations, then we can expect private actions for damages to be brought by businesses and consumers across Europe, relying on the Commission’s liability findings as the basis for those actions.

Context

The DMA entered into force on 1 November 2022. As we wrote about here, on 6 September 2023, the Commission designated six companies as “gatekeepers” under the DMA: Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft. At the same time, the Commission designated 22 core platform services.  Following designation, the gatekeepers had six months to ensure that they were compliant with the obligations imposed under the DMA and were required to prove their compliance in reports, non-confidential versions of which were published on 7 March 2024 (and can be accessed here).  The Commission has held several workshops, most recently in late March (recordings of which are available here), at which third-party stakeholders provided their views to assist the Commission in assessing the extent to which the measures proposed by each gatekeeper effectively comply with the DMA obligations.

The five probes

Anti-steering (app stores)

Both Apple and Google’s app stores are in the Commission’s crosshairs in respect of anti-steering conduct. Under Article 5(4) of the DMA, gatekeepers are required to allow business users (developers in this context), free of charge, to communicate and promote offers to end users and to conclude contracts with those end users. The Commission is concerned that both Apple and Google’s proposed measures breach Article 5(4) as they continue to impose various restrictions on developers, for example: by imposing various charges on any contracts concluded between developers and end users outside of the app store.

Self-preferencing (search services)

The Commission is concerned that Google’s measures to comply with Article 6(5) of the DMA are inadequate. Article 6(5) requires gatekeepers not to treat more favourably, in ranking and related indexing and crawling, services and products offered by the gatekeeper itself than similar services or products offered by a competitor. Further, gatekeepers must apply transparent, fair and non-discriminatory conditions to such ranking. The Commission is now investigating whether Google is treating its own services (e.g., Google Shopping; Google Flights; Google Hotels) more favourably than rival services.

User choice (app stores and web browsers)

Under Article 6(3) of the DMA, gatekeepers must allow end users to easily un-install any apps and easily change default settings on their operating systems, including by offering users access to rival services, via choice screens, effectively enabling users to set non-gatekeeper services as the default on their devices. The Commission is investigating whether Apple’s new measures are compliant with the full suite of obligations in Article 6(3) and makes specific reference to the design of Apple’s web browser choice screen on iPhones, to ensure that users can effectively switch away from Safari.

Data combination (social media services)

Under 5(2) of the DMA, unless end users provide specific consent, gatekeepers are prohibited from combining or cross-using end-user personal data across different core platform services.  Since November 2023, Meta have offered a “pay or consent” model in the EU whereby end-users have a binary choice between either consenting to a version of Facebook and Instagram supported by targeted / personalised ads (which requires data processing) or paying a ‘subscription for no ads’ version of these two services (for 5.99 euros per month). The Commission has indicated that it is concerned that this binary choice may not provide those end-users that do not consent with a subscription service that is of comparable quality.

Other “preliminary investigations” and steps

In addition to the five probes outlined above, the Commission has launched investigatory steps relating to the new fee structure and conditions Apple has introduced for alternative app stores, and into whether Amazon may be preferencing its own brand products on the Amazon Store.  The Commission has also ordered five gatekeepers to retain certain documents to enable the Commission to effectively monitor gatekeepers’ compliance with their obligations. 

Commissioner Vestager indicated on 3 April 2024 (at the time of writing this blog) that further non-compliance probes are “highly likely”; we will write about those separate probes once details are published. 

Consequences of non-compliance

Under Article 29 of the DMA, the Commission shall endeavour to conclude its probes within 12 months. If the Commission finds an infringement gatekeepers could be fined up to 10% of the company’s total worldwide annual turnover, or up to 20% in the event of repeated infringements. If the Commission considers it appropriate, it can also impose periodic penalty payments of up to 5% of the gatekeeper’s average daily turnover.

In case of systematic infringements, the Commission may conduct a market investigation and, if proportionate, impose additional non-financial remedies, including behavioural and structural remedies, e.g. the divestiture of parts of the gatekeeper’s business.